Disable redirects to UNIX sockets #2047
It seems that
Is 4 wanted? If so, why? The original request was made against a UNIX socket so given that 2 works I think it is ok if the client is redirected back to a UNIX socket. Also, unrelated to this PR but 2 can leak sensitive headers if the socket path is not the same. For example
@lpinca Yes, this is expected. Got has no knowledge whether to trust the If that's not sufficient, I guess we could have an option to select desired behavior (#2046). Is the Edit: or we could have an allow list, or make
Thanks for reporting! I've opened #2069. That's rather an unlikely occurrence, since
The difference I was thinking about is that when the original request is made against a UNIX socket, the client already expects to hit a server running on the same machine so it is not "tricked" into doing so and the redirect should be followed (at least if the socket path is the same as the original one). Anyway I'm not even sure if
What is the use case for this?
Servers running on UNIX sockets tend to be more "important", for example
No real use case, was just wondering why it was disabled.
Hmm, unconvinced. You would need a process running as root or as a member of the Docker group to access it. Anyway I do not need support for redirects to UNIX sockets so I do not care much :).
No description provided.
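
The two concerns raised in this thread (a network server redirecting the client to a local UNIX socket, and credential headers following a redirect to a different socket path) can be expressed as one redirect check. This is an added example, not code from this PR or from Got: the function names, the `[http://]unix:SOCKET:PATH` URL form it parses, and the choice to follow a socket-to-socket redirect with credentials stripped when the socket path changes are all assumptions.

```javascript
// Added example: hypothetical redirect policy, not Got's implementation.
const SENSITIVE_HEADERS = ['authorization', 'cookie', 'proxy-authorization'];

// Assumed socket URL form: [http://]unix:SOCKET_PATH:REQUEST_PATH
// Both URLs are expected to be absolute (Location already resolved).
function parseTarget(url) {
  const match = /^(?:https?:\/\/)?unix:(.+?):(\/.*)$/.exec(url);
  if (match) {
    return {kind: 'unix', id: match[1]}; // id = socket path
  }
  return {kind: 'tcp', id: new URL(url).origin}; // id = scheme://host:port
}

function stripSensitive(headers) {
  return Object.fromEntries(
    Object.entries(headers).filter(
      ([name]) => !SENSITIVE_HEADERS.includes(name.toLowerCase())
    )
  );
}

function decideRedirect(fromUrl, toUrl, headers) {
  const from = parseTarget(fromUrl);
  const to = parseTarget(toUrl);

  // A network server must not be able to steer the client onto a local socket.
  if (to.kind === 'unix' && from.kind !== 'unix') {
    return {follow: false, reason: 'network origin redirected to a local socket'};
  }

  // Socket paths are compared as plain strings: an un-normalized spelling of
  // the same path counts as a different target, so credentials are dropped.
  const sameTarget = from.kind === to.kind && from.id === to.id;
  return {
    follow: true,
    headers: sameTarget ? {...headers} : stripSensitive(headers)
  };
}

// Constructed sample inputs.
const headers = {Authorization: 'Bearer example-token', Accept: 'application/json'};
console.log(decideRedirect('https://example.com/a', 'unix:/tmp/admin.sock:/info', headers));
console.log(decideRedirect('unix:/tmp/app.sock:/a', 'unix:/tmp/app.sock:/b', headers));
console.log(decideRedirect('unix:/tmp/app.sock:/a', 'unix:/tmp/other.sock:/b', headers));
```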